stratosphereips / StratosphereLinuxIPS

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Check if the clouds of Microsoft (OneDrive) and Google Drive are included in the whitelist of Microsoft and Google respectively. If they are, delete them. #829

Open eldraco opened 1 month ago

eldraco commented 1 month ago

The problem is that many APT groups use OneDrive to exfiltrate data, similar to using Dropbox. So it is not good if it is whitelisted.

Check here for IPs: https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

Check here for more info: https://www.rapid7.com/globalassets/_pdfs/whitepaperguide/rapid7-Kimsukys-Phishing-and-Payload-Tactics_wp.pdf

eldraco commented 1 month ago

Similar with Google Drive. It should not be whitelisted.
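
One way to run the check this issue asks for, as an added example that is not part of the issue or of the Slips code base: find whitelist CIDRs that overlap cloud-storage ranges and carve those ranges out. It does not read Slips' own whitelist files; the function names and all ranges are assumptions, with the ranges constructed from documentation prefixes rather than taken from Microsoft or Google.

```python
import ipaddress

# Constructed sample data (documentation prefixes), not real Microsoft/Google ranges.
ORG_WHITELIST = ["198.51.100.0/24", "192.0.2.128/25", "203.0.113.0/24"]
CLOUD_STORAGE = ["198.51.100.64/26", "192.0.2.0/24", "2001:db8:1::/48"]

def carve_out(whitelist, excluded):
    """Remove every excluded range from the whitelist.

    Returns (remaining, hits): the whitelist CIDRs left after the carve-out,
    and the (whitelist_entry, excluded_range) pairs that overlapped.
    """
    remaining = [ipaddress.ip_network(n) for n in whitelist]
    hits = []
    for ex in map(ipaddress.ip_network, excluded):
        kept = []
        for net in remaining:
            if net.version != ex.version or not net.overlaps(ex):
                kept.append(net)  # unrelated entry, keep as is
                continue
            hits.append((str(net), str(ex)))
            if not net.subnet_of(ex):
                # ex sits strictly inside net: keep net minus ex
                kept.extend(net.address_exclude(ex))
            # otherwise the whole entry lies inside the excluded range: drop it
        remaining = kept
    remaining.sort(key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    return [str(n) for n in remaining], hits

def is_whitelisted(ip, networks):
    """True if ip falls inside any CIDR in networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

if __name__ == "__main__":
    remaining, hits = carve_out(ORG_WHITELIST, CLOUD_STORAGE)
    for entry, cloud in hits:
        print(f"whitelist entry {entry} overlaps cloud storage range {cloud}")
    print("whitelist after carve-out:", remaining)
```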